Welcome to Apache

...

Santuario™

The Project

The

{tm}Apache Santuario{tm}

• XML-Signature Syntax and Processing
• XML Encryption Syntax and Processing.

...

• Apache XML Security for Java: This library includes a mature Digital Signature and Encryption implementation. It also includes the standard JSR-105 (Java XML Digital Signature) API. Applications can use the standard JSR 105 API or the Apache Santuario API to create and validate XML Signatures,  a mature DOM-based implementation of both XML Signature and XML Encryption, as well as a more recent StAX-based (streaming) XML Signature and XML Encryption implementation.
• Apache XML Security for C++: This library includes a mature Digital Signature and Encryption implementation using a proprietary C++ API on top of the Xerces-C XML Parser's DOM API. It includes a pluggable cryptographic layer, but support for alternatives to OpenSSL are less complete and less mature.

Apache Santuario, Apache, and the Apache feather logo are trademarks of The Apache Software Foundation.

News

November 2013

News

August 2019

Version 2.1.4 Version 1.5.6 of the Apache XML Security for Java library has been released.

This release contains a fix for a security advisory - CVE-2019-12400: Apache Santuario potentially loads XML parsing code from an untrusted source. Please see the security advisories page for more information.

Please see the release notes for more information.

June 2013

March 2019

Version 2.1.3 of the Apache XML Security for Java library has been released.

Please see the release notes for more information.

November 2018

Version 2.0Security advisory CVE-2013-2210 has been issued, affecting Apache XML-Security for C++ version 1.7.1. Version 1.7.2 of the Apache XML Security for C++ library has been released, addressing this issue.

Security advisory CVE-2013-2172 has been issued for the Apache XML Security for Java project. Versions 1.4.8 and 1.5.5 have been released, fixing this issue.

Security advisories CVE-2013-2153, CVE-2013-2154, CVE-2013-2155, and CVE-2013-2156, affecting Apache XML-Security for C++ versions prior to 1.7.1, have been issued.

.

This patch corrects a bug that can cause crashes in upstream applications. It is similar to, but not the same as, the one that was patched in V2.0.1, and resulted from further review of the code by the project that contributes all of the current manpower to the project. Appreciation is extended to the Shibboleth Project team for this review.

August 2018

Version 2.0Version 1.7.1 of the Apache XML Security for C++ library has been released, addressing these issues.

March 2013

.

This patch corrects a bug that can cause crashes in upstream applications.

June 2018

Version 2.1.2 Version 1.5.4 of the Apache XML Security for Java library has been released.

Please see the release notes for more information.

July 2012

The Apache Santuario team are pleased to announce the release of version 1.7Version 2.0.0 of the Apache XML Security for C++ library. This release provides a few bug fixes and a partial implementation of XML Encryption 1.1 features, including AES-GCM encryption and some support for newer RSA-OAEP variants.

July 2011

A security advisory, CVE-2011-2516, affecting Apache XML-Security for C++ versions prior to 1.6.1, has been issued.

has been released.

Please see the release notes for basic information on bugs addressed. As a major upgrade, this release includes a range of relative minor, but visible, changes to the API that are not explicitly noted there. There are no features of significance added in this version, merely some refactoring and removal of deprecated APIsThe Apache Santuario team are pleased to announce the release of version 1.6.1 of the Apache XML Security for C++ library. This release provides bug fixes and addresses CVE-2011-2516.

Older News

See here for old news.

...